The Justice Department on Wednesday announced charges against four defendants -- including two Russian security services officers -- in a mega data breach at Yahoo that affected at least a half billion user accounts. In a statement, Attorney General Jeff Sessions called this “one of the largest data breaches in history.”
Two of the defendants named are Russian FSB officers, and the other two are criminal hackers. One defendant has been taken into custody in Canada, and another is on the list of the FBI’s most wanted cyber criminals. The four are accused in a 47-count indictment of computer hacking, economic espionage and other conspiracy charges.
According to Russian media, 33-year-old Dmitry Aleksandrovich Dokuchaev -- one of the FSB officers -- was arrested earlier this year by Russian authorities and jailed for treason, CBS News justice correspondent Jeff Pegues reports. Little is known about the nature of the treason charge.
Justice Department attorneys called this a highly complex, long-term investigation that relied heavily on cooperation between the federal government and the private sector, especially Yahoo and Google.
One defendant, the Justice Department says, searched Yahoo user communications “for credit card and gift card account numbers, redirecting a subset of Yahoo search engine web traffic so he could make commissions,” and he also enabled the theft of the contacts of at least 30 million Yahoo accounts for use in a spam campaign.
In all, 500 million Yahoo accounts were compromised, totaling half of Yahoo’s total user base, Pegues reports.
The defendants named by DOJ are Russian nationals and residents Dokuchaev; Igor Anatolyevich Sushchin, 43; and Alexsey Alexseyevich Belan, aka “Magg,” 29. The other defendant, Karim Baratov, aka “Kay,” “Karim Taloverov” and “Karim Akehmet Tokbergenov,” 22, is a Canadian and Kazakh national and lives in Canada.
A friend of Baratov’s, Saqar Khudairy, confirmed a Facebook profile as belonging to Baratov. The profile is peppered with photos of cars and includes one post in which he says he was suspended from school four years ago for threatening to kill a former friend as a joke.
Khudairy said his friend told him he owned a network of servers that hosted websites, mainly in Russia.
“He’s a really nice guy. I got a great impression from when I met him. This is a huge shock,” said Khudairy, 20.
The charges arise from a compromise of Yahoo user accounts that began in January 2014, and the accused conspirators used the information they stole up until at least December 2016, the Justice Department said. Belan, who in 2013 was named by the FBI as one of its most wanted cyber criminals, was arrested in Europe in 2013, but escaped to Russia. In late 2014, Belan stole a copy of Yahoo’s User Database, according to the indictment. The database is a Yahoo trade secret that contained user names, recovery email accounts, phone numbers and authenticating information for half a billion Yahoo accounts.
The two FSB officers, Dokuchaev and Sushchin, gave Belan sensitive law enforcement and intelligence information that helped him avoid being detected by U.S. law enforcement, a Justice Department statement said.
The hackers were able to go unnoticed because the agents may have been familiar with U.S. cyber strategy, Pegues reports. Prosecutors say both worked at “Center 18,” the FBI’s main Russian contact for cyber investigations.
Though the Justice Department has previously charged Russian hackers with cybercrime -- as well as hackers sponsored by the Chinese and Iranian governments -- this would be the first criminal case brought against Russian government officials.
It comes as federal authorities investigate Russian interference through hacking in the 2016 presidential election. However, acting Assistant Attorney General Mary McCord told reporters that this indictment “doesn’t allege any connection” to the DNC breach from the summer of 2016. McCord also said that the massive hacking may have had some intelligence value, but the actions undertaken by the defendants lined their own pockets for private financial gain.
Yahoo didn’t disclose the 2014 breach until last September when it began notifying at least 500 million users that their email addresses, birth dates, answers to security questions and other personal information may have been stolen. Three months later, Yahoo revealed it had uncovered a separate hack in 2013 affecting about 1 billion accounts, including some that were also hit in 2014.